HackerOne is running a bug bounty program for FlexiSpy, who specialise in spying on spouses https://twitter.com/josephfcox/status/857314960099160067

Their justification: it's "just fixing vulns" https://twitter.com/senorarroz/status/857399800601337856

I don't buy this at all. By providing security testing services to a shady company, you lend legitimacy to them and their brand. I agree with Casey on this one https://twitter.com/caseyjohnellis/status/857362206626689025